1394 matches found
CVE-2026-2718 Dealia <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes
The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.6. This is due to the use of wpkses for output escaping within HTML attribute contexts where escattr is required. This makes it...
CVE-2026-2718 Dealia <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes
The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.8. This is due to the use of wpkses for output escaping within HTML attribute contexts where escattr is required. This makes it...
CVE-2026-2633
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...
CVE-2025-13842 Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure
The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $REQUEST'postid' parameter without verification in the...
WordPress Dealia plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Gutenberg Block Attributes vulnerability discovered by Ronnachai Sretawat Na Ayutaya Simonhaskelly - Reconix Co., Ltd. in WordPress Plugin Dealia versions = 1.0.6...
WordPress plugin Breadcrumb NavXT 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-20795
The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.6. This is due to the use of wp kses for output escaping within HTML attribute contexts where esc attr is required. This makes it...
CVE-2026-2633 Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...
CVE-2026-2633
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...
PT-2026-20352
The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the process image data ajax callback function which handles the kadence import process image data AJAX...
WordPress plugin Gutenberg Blocks with AI by Kadence WP 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter vulnerability
Authenticated Contributor+ Server-Side Request Forgery via 'endpoint' Parameter vulnerability discovered by Ali Sünbül in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.6.1...
WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload vulnerability
Missing Authorization to Authenticated Contributor+ Unauthorized Media Upload vulnerability discovered by Ali Sünbül in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.6.1...
CVE-2026-2608
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2026-2608 Gutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing Authorization
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2026-2608
CVE-2026-2608 : Kadence Blocks — Page Builder Toolkit for Gutenberg Editor vulnerability in WordPress. Up to version 3.5.32, missing capability check allows authenticated users with Contributor-level access and above to perform an unauthorized action. Patch status in Wordfence context shows mitig...
WordPress plugin Kadence Blocks — Page Builder Toolkit for Gutenberg Editor 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-8403
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...
WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.5.32 - Incorrect Authorization to Authenticated (Contributor+) Post Publication vulnerability
Incorrect Authorization to Authenticated Contributor+ Post Publication vulnerability discovered by johska in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.5.32...
CVE-2026-1268
The Dynamic Widget Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget content field in the Gutenberg editor sidebar in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes ...